| 1 | #define __FAVOR_BSD |
|---|
| 2 | #include "statbag.hh" |
|---|
| 3 | #include "dnspcap.hh" |
|---|
| 4 | #include "dnsparser.hh" |
|---|
| 5 | #include <boost/tuple/tuple.hpp> |
|---|
| 6 | #include <boost/tuple/tuple_comparison.hpp> |
|---|
| 7 | #include <map> |
|---|
| 8 | #include <set> |
|---|
| 9 | #include <fstream> |
|---|
| 10 | #include <algorithm> |
|---|
| 11 | #include "anadns.hh" |
|---|
| 12 | |
|---|
| 13 | using namespace boost; |
|---|
| 14 | using namespace std; |
|---|
| 15 | |
|---|
// Global statistics object. Nothing visible in this file reads or writes it.
// NOTE(review): presumably defined here to satisfy a symbol expected by the
// code this tool links against; confirm before removing.
StatBag S;
|---|
| 17 | |
|---|
/// Identifies one DNS query by its sender and transaction id.
///
/// main() copies all three fields straight out of the packet headers without
/// byte swapping, so they hold network byte order; convert with
/// ntohl()/ntohs() before printing.
struct Entry
{
  uint32_t ip;    // IPv4 source address (4 bytes copied from ip_src)
  uint16_t port;  // UDP source port
  uint16_t id;    // DNS transaction id

  /// Strict weak ordering so Entry can be used as a std::map key:
  /// lexicographic over (ip, port, id). The order is over the raw stored
  /// values, so it is consistent but not numerically meaningful on
  /// little-endian hosts.
  bool operator<(const Entry& rhs) const
  {
    return boost::tie(ip, port, id) < boost::tie(rhs.ip, rhs.port, rhs.id);
  }
};
|---|
| 29 | |
|---|
| 30 | |
|---|
// Counter keyed by (source ip, source port, query id). The only code that
// refers to it is the disabled duplicate report in main().
typedef std::map<Entry, uint32_t> emap_t;
emap_t ecount;
|---|
| 33 | |
|---|
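/// Reads every pcap file named on the command line and prints one SQL
/// "insert into dnsstats" statement per non-recursive DNS query sent to UDP
/// port 53, wrapped in "begin;" ... "commit;".
///
/// @param argc  number of command-line arguments
/// @param argv  argv[1..] are pcap file names
/// @return 0 on success, 1 when a std::exception escapes the main loop
///
/// Everything printed after "values (" is derived from captured packets, i.e.
/// from data the sender of the packet controls. The numeric columns are
/// formatted from integers; the only free-form text is the query name, which
/// is emitted only when it passes the character allowlist below.
int main(int argc, char** argv)
try
{
  cout << "begin;";
  for(int n = 1; n < argc; ++n) {
    PcapPacketReader pr(argv[n]);

    Entry entry;
    while(pr.getUDPPacket()) {
      // Only traffic addressed to port 53 that is longer than the 12-byte
      // fixed DNS header; anything shorter must not be read through dh.
      if(ntohs(pr.d_udp->uh_dport) != 53 || pr.d_len <= 12)
        continue;

      try {
        // NOTE(review): this reads the header in place and assumes d_payload
        // is suitably aligned for dnsheader - confirm in dnspcap.hh.
        const dnsheader* dh = reinterpret_cast<const dnsheader*>(pr.d_payload);

        // Keep only queries (qr == 0) that do not ask for recursion (rd == 0).
        if(dh->rd || dh->qr)
          continue;

        MOADNSParser mdp(reinterpret_cast<const char*>(pr.d_payload), pr.d_len);

        // Stored as found on the wire (network byte order).
        // NOTE(review): copies 4 bytes, so this assumes an IPv4 header.
        memcpy(&entry.ip, &pr.d_ip->ip_src, 4);
        entry.port = pr.d_udp->uh_sport;
        entry.id = dh->id;

        // ecount[entry]++;

        // Allowlist check on the query name. The name goes into the SQL text
        // between single quotes with no escaping, so this loop is the only
        // thing keeping quotes and other SQL metacharacters out of the
        // statement. Widening the allowlist requires escaping the value or
        // switching to a parameterized insert.
        string::size_type pos = 0;
        for(; pos < mdp.d_qname.size(); ++pos) {
          const char c = mdp.d_qname[pos];
          // Name bytes come from the packet and may be >= 0x80; passing a
          // negative char to isalnum() is undefined behaviour, hence the cast.
          if(!isalnum(static_cast<unsigned char>(c)) && c != '-' && c != '.')
            break;
        }

        // Names containing any other character are dropped without output.
        if(pos != mdp.d_qname.size())
          continue;

        cout << "insert into dnsstats (source, port, id, query, qtype, tstampSec, tstampUsec, arcount) values ('"
             << U32ToIP(ntohl(entry.ip)) << "', " << ntohs(entry.port) << ", " << ntohs(dh->id);
        cout << ", '" << mdp.d_qname << "', " << mdp.d_qtype << ", "
             << pr.d_pheader.ts.tv_sec << ", " << pr.d_pheader.ts.tv_usec;
        cout << ", " << ntohs(dh->arcount) << ");\n";
      }
      catch(MOADNSException&) {
        // Deliberately quiet: packets that do not parse as DNS are skipped.
        // cerr<<"error parsing packet: "<<mde.what()<<endl;
        continue;
      }
      catch(std::exception& e) {
        cerr << e.what() << endl;
        continue;
      }
    }
  }
  cout << "commit;";
  /*
  for(emap_t::const_iterator i = ecount.begin(); i != ecount.end(); ++i) {
    if(i->second > 1)
      cout << U32ToIP(ntohl(i->first.ip)) <<":"<<ntohs(i->first.port)<<" -> "<<i->second <<endl;
  }
  */
}
catch(std::exception& e)
{
  cerr << "Fatal: " << e.what() << endl;
  // Falling off the end of this handler would make main() return 0. At this
  // point "begin;" (and possibly some inserts) were printed without a
  // "commit;", so report failure to whatever consumes the output.
  return 1;
}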
|---|